How long does port scanning take

If the estimate is within your timeframe, you can schedule something else to do while it proceeds. That beats checking whether Nmap is done every 20 minutes. An estimate showing that Nmap won't finish on time is even more valuable.

You can immediately work on optimizing the scan or lengthening the engagement. Your options are much more limited if you only determine the scan is too slow after the deadline passes and Nmap is still running. Coping Strategies for Long Scans Chapter 6. Optimizing Nmap Performance. Coping Strategies for Long Scans. Use a Multi-stage Approach. OS detection isn't as accurate against such hosts anyway.

By default, Nmap performs reverse-DNS resolution against every host that is found to be online. It is done against all hosts if you skip the ping step with -Pn or specify -R.

While Nmap now has a fast parallel reverse-DNS system to speed queries, they still can take a substantial amount of time. Disable them with the -n option when you don't need the data.

DNS time is not a major factor in more involved scans which probe thousands of ports or utilize intensive features such as version detection. If you want the Nmap host machine to handle name resolution using the gethostbyaddr function , specify the --system-dns option. Doing so can slow scans down dramatically. Nmap offers dozens of options for providing hints and rules to control scan activity. You can even combine the two.

These options are particularly useful when scanning highly filtered networks where Nmap receives few responses to determine its own timing estimates. Scan time can often be safely cut in half. Most of these options will have little effect against a local LAN filled with responsive hosts, as Nmap can determine optimal values itself in that case. Scanning UDP ports is important because many vulnerable services use that protocol, but the timing characteristics and performance requirements of UDP scans are much different than TCP scans.

You often want different timing flags for each protocol, requiring separate command lines. There have been many cases where I have investigated reports of poor Nmap performance only to find that the reporter used an ancient version that was many years out of date.

The newest versions of Nmap have important algorithmic improvements, bug fixes, performance-enhancing features such as local network ARP scanning, and more.

Upgrade if necessary. If it is still not fast enough, try the other techniques in this chapter. Some people try to speed up Nmap by executing many copies in parallel against one target each. For example, the Nessus scanner used to do this by default. This is usually much less efficient and slower than letting Nmap run against the whole network. Nmap has its own parallelization system that is customized to its needs, and Nmap is able to speed up as it learns about network reliability when it scans a large group.

Further, there is substantial overhead in asking the OS to fork 65, separate Nmap instances just to scan a class B. Having dozens of copies of Nmap running in parallel is also a memory drain since each instance loads its own copy of the data files such as nmap-services and nmap-os-db. While launching single-host Nmap scans in parallel is a bad idea, overall speed can usually be improved by dividing the scan into several large groups and executing those concurrently.

Don't go overboard though. Five or ten Nmap processes are fine, but launching Nmap processes at once is not recommended. Launching too many concurrent Nmap processes leads to resource contention.

Another sort of concurrency is to run Nmap from different hosts at once. You can have cron or At on Windows schedule local hosts on each of your networks to start scanning machines local to them at the same time, then mail the results to a central data server. Scanning your Australian network from the U.

The difference will be even greater if the U. I would love to be able to represent these in a graph and possibly test these results as well. Improve this question. Spiff So since you have nmap and use it, why just not test it? Well nmap can do all this, but I was wondering if there were any equations or proportions I could also use to plot graphs as if i wasnt using nmap as well — rshah. You can increase the speed. That also depends on hops number and network speed.

Go through nmap port scanning techniques details. Add a comment. Active Oldest Votes. Improve this answer. Spiff Spiff Are there any clear correlations with regards to the scan time? The Overflow Blog. Does ES6 make JavaScript frameworks obsolete? Podcast Do polyglots have an edge when it comes to mastering programming